Did this company decide to do this blindly or did they try canvasing a response from a target set of users about what they planned to do? Surely if they did canvas feedback for their plan then an overwhelming No would have prevented this unmitigated disaster.
Any chance of a post-mortem write up on how exactly things went wrong? Including some discussion on how data's going to be protected moving forward? Now that everyone knows this is a type of privacy violation that could occur, it's going to stay back of mind (a "why should we trust you with this sort of data now?" sort of deal). Potentially losing a job or having career plans stunted because a website added a new feature is a lot of power to trust a website with.
We're working on a post-mortem internally right now. The thing I want to do externally is make a more clear/binding commitment to user privacy. The idea is still a bit inchoate, but I want to do something that makes this not just about trusting us.
